Docker is a popular virtualization solution that provides virtualization within an operating system for reusable packages of software called containers. More information is available at docker.com.
Questions tagged [docker]
201 questions
13 votes, 3 answers
Risks posed by docker daemon running as root
My team has been getting pretty excited about using docker because it promises to simplify our deployments and provide a number of other design and operational benefits. We recently started to really get things rolling with it and ran into some…
JimmyJames
11 votes, 1 answer
Is adding docker group not a good idea?
Question
Could creating a docker group be a bad idea from a security perspective?
I saw Stack Exchange answers which tell you to create a docker group to avoid issues of needing root permission or sudo.
However I think the article Why we don't let…
mon
11 votes, 1 answer
Does running random "docker pull" essentially mean I'm giving someone root access?
I just noticed I'm rather eager to test projects that have a Docker container bundled with them. I do realize that setting a sudoers exception for the "docker" command basically means giving root access on the host system to regular users. Is…
d33tah
10 votes, 1 answer
I'm seeing strange names in my list of docker containers, is someone having fun at docker or is that from hackers?
I'm trying to run a docker and it fails for various reasons. As I check my list of dockers (docker ps -a), I see those…
Alexis Wilke
7 votes, 2 answers
Attack vectors when running untrusted docker images
What are the possible attack vectors if I am running user-submitted docker image, e.g. pull via docker pull FOO; ... docker run FOO where FOO is a user-submitted string containing the name of a Docker Hub repository?
This is not a question about…
Alex Flint
6 votes, 1 answer
What's the risk from enabling ptrace in docker?
Solutions for various problems (e.g., here and here) suggest enabling SYS_PTRACE when running a container that, say, needs to run a debugger or a fuzzer. Given that the capability isn't enabled by default, there must be some security implications of…
jhfrontz
5 votes, 1 answer
Does it matter if my docker container image is rootless, if docker daemon is rootless (or uses UserNS-remap)?
You can and generally should (1) run docker daemon (or podman, or something else) as rootless, and/or (2) use user namespace-remapping, to improve security.
You can also (3) use rootless images, where the container does not run any processes as…
Janne Mattila
4 votes, 2 answers
Should the traffic between the containers need to be encrypted?
Should the traffic between two containers in the same docker environment need to be encrypted?
Is it possible for a container to snoop into the unencrypted traffic between two containers?
nkg
4 votes, 2 answers
Is running wp-cli as root in docker container dangerous?
I'm deploying a web app that consists of 5 containers:
MariaDB
PHP-FPM
nginx
Data Only Container
WP CLI
When I try to run a WP CLI command, I get the following warning:
Error: YIKES! It looks like you're running this as root. You probably meant…
IAmJulianAcosta
3 votes, 1 answer
Secure elasticsearch in Docker
How can I secure elasticsearch for production use in Docker?
I use this docker-compose.yml:
version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16
    container_name: elasticsearch
    restart:…
tomsk
2 votes, 2 answers
Container Vulnerability Management for non-dev-organizations
Is there a good best practice for container vulnerability management when you are not a dev shop?
I am currently trying to figure out how to set up a proper supply chain risk management system for a company that only consumes docker images as a…
Stefan Lorenz
2 votes, 2 answers
Can sharing docker info compromise security?
Running docker info gives a result such as this:
$ docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 2
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff:…
shirish
2 votes, 2 answers
Is it necessary to apply security updates to Docker hosts?
For a web server that handles 100% of incoming traffic with Docker containers, is it necessary to apply security updates to the host (other than kernel and Docker updates)?
nwarp
1 vote, 1 answer
How do you control restrict actions within Docker without Kubernetes?
Based on the documentation here https://docs.docker.com/engine/security/, it does not seem that there are any built-in features to restrict the current logged-in user to run certain Docker commands.
For example, I'd only want to allow a user to…
transcend3nt
1 vote, 1 answer
Is Docker Desktop safe to use on an unsecured network?
I use Docker Desktop for Windows. I noticed it adds to my OS's host file host.docker.internal, where is the private machine IP for the connected local network. (This DNS name is used to communicate from containers to the host machine.)…
Code